IT Brief Australia - Technology news for CIOs & IT decision-makers

Black Kite launches global unified framework for third-party AI risk

Tue, 18th Nov 2025

Black Kite has introduced a unified framework for assessing artificial intelligence (AI) risk in third-party vendor networks. The new standard, called the Global Adaptive AI Assessment Framework (BK-GA3™), has been developed to address the rapid evolution and increasing complexity of AI threats faced by organisations worldwide.

Unified approach

The framework aims to streamline the process of evaluating third-party AI security across different industries and regions. Black Kite collaborated with Shared Assessments, a well-established third-party risk assurance body, during the framework's development. Many organisations have faced difficulties with fragmented and overlapping assessment methods, often divided by geography or regulatory requirement.

"Third party risk management teams are challenged on two key fronts: the proliferation of AI that has outpaced the ability of traditional risk frameworks to keep up, and existing AI risk assessments that are fragmented, overlapping, and unique to specific industries, geographies, or regulatory bodies," said Bob Maley, Chief Security Officer, Black Kite.

Framework structure

The BK-GA3™ framework incorporates hundreds of unique requirements extracted from over 50 international assessment frameworks, including established standards such as those from ISO and NIST. By synthesising these sources, it seeks to provide a single, adaptive system that can evolve alongside the changing threats within AI technology.

Its development included ongoing consultation with industry bodies and the Black Kite Research Group. The working committee will regularly update the framework to reflect emerging standards and new AI threats.

Continuous adaptation

Black Kite said that a key advantage of the framework is its ability to remain current as AI risks change. Updates are managed by a dedicated working committee, and intelligence feeds include insights from open-source intelligence and research trends in AI security.

The framework is designed to be applicable globally, aiming to resolve issues organisations face when trying to comply with multiple, potentially conflicting frameworks. It allows risk managers to identify control gaps and assess vendor AI risk across their supply chains with a single approach.

Industry collaboration

Black Kite's work with Shared Assessments has been highlighted as a significant step. The Shared Assessments organisation has contributed to aligning BK-GA3™ with broader risk assurance initiatives used by many large enterprises.

"We are dedicated to developing the best practices, education, and products that drive third party risk assurance," said Andrew Moyad, CEO, Shared Assessments. "BK-GA3™ complements and extends the Shared Assessments SIG framework by providing another focused lens on AI-specific risks and helps foster a rich ecosystem of resources to help many organizations better manage third-party risk."

The importance of vendor-neutral and framework-agnostic approaches in third-party risk management was underscored by Julie Gaiaschi, CEO and Co-Founder of the Third Party Risk Association (TPRA).

"At Third Party Risk Association (TPRA), we pride ourselves on being vendor-agnostic and framework-agnostic. Which really means, we support our vendor partners and the many, important frameworks they bring to our industry. Black Kite's new AI framework of frameworks brings together the best practices from many different frameworks into one standard, BK-GA3™, which gives organizations a shared foundation to address AI risk more effectively. Open, community-accessible frameworks are essential for managing risk, and they become even more critical due to the complex web of third-party dependencies and the rapid, widespread adoption of AI," said Gaiaschi.

Availability

The BK-GA3™ framework is available publicly as a freely accessible standard, with extended functionality for Black Kite platform customers. Public access includes documentation and guidelines, while the Black Kite platform features enable automated vendor AI risk assessments for users integrating the framework into their operations.
